In Security and Trust Engineering our research and development work is mainly focused on: Network & Internet Security, Cloud and SOA-Security (SOA - Service Oriented Architectures) and Security Awareness.

IPv6 Security Solution Lab (IPv6SSL)

Security has recently become a very important concern in the use of IPv6 networks. Companies and industries are reluctant to move to (utilize) IPv6 networking because they are unsure about the security afforded them when using this new protocol. They want to be assured that the level of security will be at least the same or hopefully even higher than that given them with their use of IPv4. Of course the main force driving the use of IPv6 vice IPv4 is the lack of available new addresses in IPv4. This is a great motivating factor and companies are offering services in both IPv4 and IPv6. This having been said, there still remains a fear among vendors concerning weaknesses inherent in IPv6 which prevent them from using this protocol

Our Goal: Penetration Testing and Securing IPv6 Networks

The IPv6 Security Solution Lab (IPv6SSL) consists of two flexible components which enables it to offer a base security consulting system. The purpose of this lab is to test all the protocols and services used in IPv6 networks. The flexibility of this framework allows for the addition of any new attacks, that might be found in use on the Internet, to the system for further evaluation. We are also in process of developing new attacks with which to enhance the system.

Unlike some other security systems that make use of a simulated environment, our system runs in a real-time environment. These frameworks will be made available, as a package, for installation in real-time networks so that penetration tests, in real networks, will be possible. This will be really useful for companies and places that want to check just how secure their companies' networks are.

The easy to use user interface of this system allows users with only general IT experience to work with the system and understand it.

This framework received a Best Paper Award for ACM

Lab Uses Summary

Easily adding scripts to automatically detect new services and then listing them

Analyzing all available services in the network and listing the possible attacks that could be used against these services

Letting users choose a selection of attacks to use against these services and then performing the attacks

Produce a report advising users what nodes are in this network, what services are running, and what the security weaknesses are

The IPv6SSL does not simulate anything and is run in real networks. For example, it can test for security vulnerabilities in any network on which this framework has been installed

Users can easily add new, existing attacking scripts or write their own attacking scripts to be added to the database and easily called for testing

Access The System

This system is available from inside the University. Please click here.

New Attacks Added to IPv6SSL

During the master seminar in summer semester 2013, a group of our students working on generating different attacks or different attack scenarios to test IPv6 networks.